We use cookies to ensure you get the best experience on our website
탐색 도움말
가입하기 로그인
0ct0pu5
/
moby
1
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
트리: b3ee9ac74e
브랜치 태그
moby
/
daemon
/
execdriver
/
native
/
configuration
/
parse_test.go

parse_test.go 4.4 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 
  1. package configuration
    2. 

  2. 

  3. import (
    4. 

  4. 	"testing"
    5. 

  5. 

  6. 	"github.com/docker/libcontainer/security/capabilities"
    7. 

  7. 	"github.com/docker/docker/daemon/execdriver/native/template"
    8. 

  8. )
    9. 

  9. 

  10. // Checks whether the expected capability is specified in the capabilities.
    11. 

  11. func hasCapability(expected string, capabilities []string) bool {
    12. 

  12. 	for _, capability := range capabilities {
    13. 

  13. 		if capability == expected {
    14. 

  14. 			return true
    15. 

  15. 		}
    16. 

  16. 	}
    17. 

  17. 	return false
    18. 

  18. }
    19. 

  19. 

  20. func TestSetReadonlyRootFs(t *testing.T) {
    21. 

  21. 	var (
    22. 

  22. 		container = template.New()
    23. 

  23. 		opts      = []string{
    24. 

  24. 			"fs.readonly=true",
    25. 

  25. 		}
    26. 

  26. 	)
    27. 

  27. 

  28. 	if container.MountConfig.ReadonlyFs {
    29. 

  29. 		t.Fatal("container should not have a readonly rootfs by default")
    30. 

  30. 	}
    31. 

  31. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    32. 

  32. 		t.Fatal(err)
    33. 

  33. 	}
    34. 

  34. 

  35. 	if !container.MountConfig.ReadonlyFs {
    36. 

  36. 		t.Fatal("container should have a readonly rootfs")
    37. 

  37. 	}
    38. 

  38. }
    39. 

  39. 

  40. func TestConfigurationsDoNotConflict(t *testing.T) {
    41. 

  41. 	var (
    42. 

  42. 		container1 = template.New()
    43. 

  43. 		container2 = template.New()
    44. 

  44. 		opts       = []string{
    45. 

  45. 			"cap.add=NET_ADMIN",
    46. 

  46. 		}
    47. 

  47. 	)
    48. 

  48. 

  49. 	if err := ParseConfiguration(container1, nil, opts); err != nil {
    50. 

  50. 		t.Fatal(err)
    51. 

  51. 	}
    52. 

  52. 

  53. 	if !hasCapability("NET_ADMIN", container1.Capabilities) {
    54. 

  54. 		t.Fatal("container one should have NET_ADMIN enabled")
    55. 

  55. 	}
    56. 

  56. 	if hasCapability("NET_ADMIN", container2.Capabilities) {
    57. 

  57. 		t.Fatal("container two should not have NET_ADMIN enabled")
    58. 

  58. 	}
    59. 

  59. }
    60. 

  60. 

  61. func TestCpusetCpus(t *testing.T) {
    62. 

  62. 	var (
    63. 

  63. 		container = template.New()
    64. 

  64. 		opts      = []string{
    65. 

  65. 			"cgroups.cpuset.cpus=1,2",
    66. 

  66. 		}
    67. 

  67. 	)
    68. 

  68. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    69. 

  69. 		t.Fatal(err)
    70. 

  70. 	}
    71. 

  71. 

  72. 	if expected := "1,2"; container.Cgroups.CpusetCpus != expected {
    73. 

  73. 		t.Fatalf("expected %s got %s for cpuset.cpus", expected, container.Cgroups.CpusetCpus)
    74. 

  74. 	}
    75. 

  75. }
    76. 

  76. 

  77. func TestAppArmorProfile(t *testing.T) {
    78. 

  78. 	var (
    79. 

  79. 		container = template.New()
    80. 

  80. 		opts      = []string{
    81. 

  81. 			"apparmor_profile=koye-the-protector",
    82. 

  82. 		}
    83. 

  83. 	)
    84. 

  84. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    85. 

  85. 		t.Fatal(err)
    86. 

  86. 	}
    87. 

  87. 

  88. 	if expected := "koye-the-protector"; container.AppArmorProfile != expected {
    89. 

  89. 		t.Fatalf("expected profile %s got %s", expected, container.AppArmorProfile)
    90. 

  90. 	}
    91. 

  91. }
    92. 

  92. 

  93. func TestCpuShares(t *testing.T) {
    94. 

  94. 	var (
    95. 

  95. 		container = template.New()
    96. 

  96. 		opts      = []string{
    97. 

  97. 			"cgroups.cpu_shares=1048",
    98. 

  98. 		}
    99. 

  99. 	)
    100. 

  100. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    101. 

  101. 		t.Fatal(err)
    102. 

  102. 	}
    103. 

  103. 

  104. 	if expected := int64(1048); container.Cgroups.CpuShares != expected {
    105. 

  105. 		t.Fatalf("expected cpu shares %d got %d", expected, container.Cgroups.CpuShares)
    106. 

  106. 	}
    107. 

  107. }
    108. 

  108. 

  109. func TestMemory(t *testing.T) {
    110. 

  110. 	var (
    111. 

  111. 		container = template.New()
    112. 

  112. 		opts      = []string{
    113. 

  113. 			"cgroups.memory=500m",
    114. 

  114. 		}
    115. 

  115. 	)
    116. 

  116. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    117. 

  117. 		t.Fatal(err)
    118. 

  118. 	}
    119. 

  119. 

  120. 	if expected := int64(500 * 1024 * 1024); container.Cgroups.Memory != expected {
    121. 

  121. 		t.Fatalf("expected memory %d got %d", expected, container.Cgroups.Memory)
    122. 

  122. 	}
    123. 

  123. }
    124. 

  124. 

  125. func TestMemoryReservation(t *testing.T) {
    126. 

  126. 	var (
    127. 

  127. 		container = template.New()
    128. 

  128. 		opts      = []string{
    129. 

  129. 			"cgroups.memory_reservation=500m",
    130. 

  130. 		}
    131. 

  131. 	)
    132. 

  132. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    133. 

  133. 		t.Fatal(err)
    134. 

  134. 	}
    135. 

  135. 

  136. 	if expected := int64(500 * 1024 * 1024); container.Cgroups.MemoryReservation != expected {
    137. 

  137. 		t.Fatalf("expected memory reservation %d got %d", expected, container.Cgroups.MemoryReservation)
    138. 

  138. 	}
    139. 

  139. }
    140. 

  140. 

  141. func TestAddCap(t *testing.T) {
    142. 

  142. 	var (
    143. 

  143. 		container = template.New()
    144. 

  144. 		opts      = []string{
    145. 

  145. 			"cap.add=MKNOD",
    146. 

  146. 			"cap.add=SYS_ADMIN",
    147. 

  147. 		}
    148. 

  148. 	)
    149. 

  149. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    150. 

  150. 		t.Fatal(err)
    151. 

  151. 	}
    152. 

  152. 

  153. 	if !hasCapability("MKNOD", container.Capabilities) {
    154. 

  154. 		t.Fatal("container should have MKNOD enabled")
    155. 

  155. 	}
    156. 

  156. 	if !hasCapability("SYS_ADMIN", container.Capabilities) {
    157. 

  157. 		t.Fatal("container should have SYS_ADMIN enabled")
    158. 

  158. 	}
    159. 

  159. }
    160. 

  160. 

  161. func TestDropCap(t *testing.T) {
    162. 

  162. 	var (
    163. 

  163. 		container = template.New()
    164. 

  164. 		opts      = []string{
    165. 

  165. 			"cap.drop=MKNOD",
    166. 

  166. 		}
    167. 

  167. 	)
    168. 

  168. 	// enabled all caps like in privileged mode
    169. 

  169. 	container.Capabilities = capabilities.GetAllCapabilities()
    170. 

  170. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    171. 

  171. 		t.Fatal(err)
    172. 

  172. 	}
    173. 

  173. 

  174. 	if hasCapability("MKNOD", container.Capabilities) {
    175. 

  175. 		t.Fatal("container should not have MKNOD enabled")
    176. 

  176. 	}
    177. 

  177. }
    178. 

  178. 

  179. func TestDropNamespace(t *testing.T) {
    180. 

  180. 	var (
    181. 

  181. 		container = template.New()
    182. 

  182. 		opts      = []string{
    183. 

  183. 			"ns.drop=NEWNET",
    184. 

  184. 		}
    185. 

  185. 	)
    186. 

  186. 	if err := ParseConfiguration(container, nil, opts); err != nil {
    187. 

  187. 		t.Fatal(err)
    188. 

  188. 	}
    189. 

  189. 

  190. 	if container.Namespaces["NEWNET"] {
    191. 

  191. 		t.Fatal("container should not have NEWNET enabled")
    192. 

  192. 	}
    193. 

  193. }
    194.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5